Black Duck On Demand

On-Demand Compliance

March 28, 2005

By Rob Reilly

Black Duck Software is rolling out an on-demand service that will help small companies establish their software compliance processes at a modest cost.

Because manual analysis and remediation of license issues is time consuming and error prone, many large companies have turned to Black Duck's standalone product line to automate the evaluation of their code. Those products have been priced at $25,000 and up, which has kept them within reach only of larger organizations.

The company's protexIP/OnDemand Web-based subscription service can be bought by credit card, starting at $3,000 for a 10-MB code base. This puts open source license analysis within reach of small software development shops, law firms involved in intellectual property litigation and venture capitalists doing due diligence.

"We are expecting thousands of customers to use it," said Doug Levin, CEO of Black Duck Software.

Managing intellectual property risk in software has been a hot topic lately, especially given the coverage of SCO vs. IBM and the outsourcing of software development to low-labor-cost regions.

protexIP/OnDemand is a Web-based source code analysis service that uses the same analysis engine and knowledge base infrastructure as the standalone protexIP product.

A small client program runs on the customer's machine and creates code prints (fingerprints) of the source code being evaluated. The Web interface handles uploading those code prints to the service center.

Minimal configuration is needed on the client side. Simply point Black Duck at the code tree (path) and it will go to work.

The service center side has two parts:

A code analysis engine that looks for matching patterns between the customer's code prints and the prints of known open source and proprietary code.

A constantly updated knowledge base of open source projects, their licenses and their origins, against which those matches are checked.

After the code prints are analyzed in the service center, the customer can review the results manually. License conflicts and unidentified code are flagged and brought to the customer's attention for further investigation. Finally, reports (hardcopy or files) listing license violations and obligations can be produced to guide remediation of the code, with the aim of bringing the code base into compliance.

The customer can view a side-by-side comparison of their own code in one window pane and the matching project code (as held in the Black Duck database) in the other. Proprietary code can also be added to the Black Duck database, extending the knowledge base.
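To make the code-print workflow concrete, here is an added example of my own; it is not Black Duck's code, and the article does not say how protexIP actually computes or compares its prints. The example uses one common fingerprinting approach: source is normalized by dropping comments and whitespace, token k-grams are hashed, and winnowing keeps a subset of those hashes as the file's prints. The prints are matched against a small, constructed knowledge base of licensed snippets; copyleft matches in a proprietary distribution are reported as conflicts, permissive matches as obligations, and prints that match nothing as unknowns for manual review. The project names, licenses, snippets, customer code and the K and W parameters are all invented for illustration.

```python
"""Toy code-print matcher: an added illustration, not Black Duck's algorithm."""
import hashlib
import re
from dataclasses import dataclass

K = 5  # tokens per k-gram (assumed parameter)
W = 4  # winnowing window size (assumed parameter)

# Constructed knowledge base: project -> (license, code). A real knowledge base
# indexes whole projects; these snippets stand in for them.
KB_PROJECTS = {
    "toyhash-1.0": ("GPL-2.0", """
        unsigned long hash_str(const char *s) {
            unsigned long h = 5381;  /* djb2 seed */
            while (*s) h = ((h << 5) + h) + (unsigned char)*s++;
            return h;
        }
    """),
    "tinylist-0.3": ("MIT", """
        struct node *list_push(struct node *head, int value) {
            struct node *n = malloc(sizeof *n);
            n->value = value;
            n->next = head;
            return n;
        }
    """),
}
COPYLEFT = {"GPL-2.0", "GPL-3.0", "AGPL-3.0"}

def tokenize(src):
    """Drop C comments and whitespace so reformatting does not defeat matching."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    src = re.sub(r"//[^\n]*", " ", src)
    return re.findall(r"[A-Za-z_]\w*|\d+|\S", src)

def fingerprints(src, k=K, w=W):
    """Hash every k-gram of tokens, then keep the minimum of each window (winnowing)."""
    toks = tokenize(src)
    grams = [" ".join(toks[i:i + k]) for i in range(len(toks) - k + 1)]
    hashes = [int(hashlib.sha256(g.encode()).hexdigest()[:8], 16) for g in grams]
    if len(hashes) <= w:
        return set(hashes)
    return {min(hashes[i:i + w]) for i in range(len(hashes) - w + 1)}

def build_index(projects):
    """Invert the knowledge base: print -> projects, plus each project's print count."""
    index, sizes = {}, {}
    for name, (_lic, code) in projects.items():
        prints = fingerprints(code)
        sizes[name] = len(prints)
        for fp in prints:
            index.setdefault(fp, set()).add(name)
    return index, sizes

@dataclass
class Match:
    project: str
    license: str
    coverage: float  # share of the project's prints found in the customer code

def analyze(customer_src, projects, distribution="proprietary", min_coverage=0.2):
    """Match customer code against the knowledge base; flag conflicts and unknowns."""
    index, sizes = build_index(projects)
    prints = fingerprints(customer_src)
    shared = {}
    for fp in prints:
        for proj in index.get(fp, ()):
            shared.setdefault(proj, set()).add(fp)
    matches = sorted(
        (Match(p, projects[p][0], round(len(fps) / sizes[p], 2))
         for p, fps in shared.items() if len(fps) / sizes[p] >= min_coverage),
        key=lambda m: -m.coverage)
    matched = set().union(*(shared[m.project] for m in matches)) if matches else set()
    return {
        "matches": matches,
        # Copyleft code inside a proprietary distribution is a license conflict.
        "conflicts": [m for m in matches if distribution == "proprietary" and m.license in COPYLEFT],
        # Permissive matches still carry obligations such as attribution notices.
        "obligations": [m for m in matches if m.license not in COPYLEFT],
        # Prints matching nothing: original code, or open source the knowledge base lacks.
        "unknown_ratio": round(1 - len(matched) / len(prints), 2) if prints else 0.0,
    }

# Constructed customer code: one function copied from the GPL snippet (comment
# removed, reindented) plus original code that should match nothing.
CUSTOMER_SRC = """
    /* Proprietary hashing utilities. */
    unsigned long hash_str(const char *s) {
        unsigned long h = 5381;
        while (*s) h = ((h << 5) + h) + (unsigned char)*s++;
        return h;
    }
    int bucket_for(const char *key, int nbuckets) {
        return (int)(hash_str(key) % (unsigned long)nbuckets);
    }
"""
CLEAN_SRC = "int clamp(int v, int lo, int hi) { return v < lo ? lo : (v > hi ? hi : v); }"

if __name__ == "__main__":
    for m in analyze(CUSTOMER_SRC, KB_PROJECTS)["conflicts"]:
        print(f"CONFLICT: {m.project} ({m.license}), coverage {m.coverage:.0%}")
```

Because the prints are built from normalized tokens, the copied function is recognized even though its comment was removed and it was reindented, while the original `bucket_for` and the clean file produce only unknown prints. The coverage figure answers the question a reviewer would ask of a flagged match: how much of the matched project is actually present, which separates a wholesale copy from a few coincidental shared tokens.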

Analysis times vary according to the size of the customer code base, amount of proprietary code involved, and which open source projects are utilized. Levin said that it generally takes less time to perform an analysis than it does to compile that same code.

Levin said that protexIP can handle 44 languages, including PHP, Python, C, C++ and Java. It checks both open source and proprietary code and is platform independent.